SSL is being used. However, I'm looking to protect against the situation where someone gets on the server. I don't want them to be able to view the files directly on the machine or be able to copy them to another machine and then view them. So I'm more looking to protect the files, not protect the data on the files while they are downloading them. Thanks for the response though.

Comment on
Re^2: Encrypt files on server and then decrypt when user downloads

I'm looking to protect against the situation where someone gets on the server. I don't want them to be able to view the files directly on the machine or be able to copy them to another machine and then view them.

If you are going to decrypt them during download, and the bad guys have access to the server, they would only need to inspect your download script to see how to decrypt the files.

If they can copy the encrypted file, they can also copy the decryption script and perform the decryption on their own machine at their leisure.

The only way to protect the files on a compromised server would be for the users to download them encrypted and decrypt them locally using local software and keys known only to themselves. For example, if you encrypted the files for each user using their public key, and they decrypt them locally using their private key.

The downside of that is that you would have to encrypt files that may be downloaded by multiple users, multiple times, and keep multiple, unique copies of them.

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

I understand that it's not 100% secure, I'm just trying to add another layer, well it's not really me that wants to add it, but anyway.....also, just because they have access to the server and possibly the files, that wouldn't necessarily mean they have access to the script also. Thanks for the input though.

I echo BrowserUK's sentiment. Put another way "put your effort into protecting access to the files, not encrypting them". Using linux for an example, you can set the directory permission of the files to only allow read for the owner or group. The 'web-server SSL' user should be the owner. If a hacker can get access as the web-SSL user (or root), then you should be concentrating on improving access security, not download security. If this is a remote-FS issue, ie the web-server mounts the FS where these files reside, and security isn't as good on that file-server, fix the security there.

The attackers, if they get control of the server, could then only decrypt the files the users download by sniffing passphrases.

If the bad guys get access to the server, tweaking the download script to forward the filenames and associated decryption key to some dead-drop would be trivial.

Done with a little care, the server/site owner need never know the script had be tweaked unless they happened across the two or three lines of code that would need to be added to the source. Done with a little more care -- secreted into the source of a standard module called by the decryption script -- even that risk of discovery can be mitigated.

Far better that the user's decryption key is never seen by the server. And actually relatively easy to arrange. If the site doesn't want to require the user to download the tool and do the decryption manually, then they only need write the decryption code in javascript. It then gets downloaded to the users machine automatically and it prompts for the user's key locally.

It still requires the user to supply an encryption key prior to the file's creation; and to have a separately encrypted copy of a given file for each user that will download it.

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

When putting a smiley right before a closing parenthesis, do you:

Use two parentheses: (Like this: :) )
Use one parenthesis: (Like this: :)
Reverse direction of the smiley: (Like this: (: )
Use angle/square brackets instead of parentheses
Use C-style commenting to set the smiley off from the closing parenthesis
Make the smiley a dunce: (:>
I disapprove of emoticons
Other